@pzfreo #wso2 
API Management Workshop 
JAX London 
Paul Fremantle 
Senaka Fernando 
Agenda 
• Introductions and Welcome 
• API Economy and Vision 
• API Management Overview 
• API Management Exercise 
• Short Introduction to WSO2 Identity Server 
• Identity Server demonstration 
Open Enterprise 
Credit: KuppingerCole 
Changing models of business 
Frictionless Business 
• Integration with other companies and organizations 
• API Management 
• Self-signup for developers 
• Almost zero cost per transaction 
• Approaching zero time for onboarding 
Connected Platform 
APIs meet SOA 
Managing APIs 
o An API is a business capability delivered over the Internet to internal or external consumers
  o Network accessible function
  o Available using standard web protocols
  o With well-defined interfaces
  o Designed for access by third-parties
o A Managed API is:
  o Actively advertised and subscribe-able
  o Available with SLAs
  o Secured, authenticated, authorized and protected
  o Monitored and monetized with analytics
API Centric Capabilities 
API Management Space 
o Create APIs
  o WSO2 Application Server, Data Services Server and ESB, any other platform
o Find and subscribe/buy APIs
  o API Store and Governance
o Manage, secure and protect APIs
  o API Management and Gateway
o Monitor and Monetize APIs
  o API Monitoring and Analytics
Core Concepts 
• Components 
• Users and Roles 
• Lifecycle Management 
• Publisher 
• Store 
• Gateway 
• Deployment 
• Analytics 
API Manager Product and Platform 
API Manager Components 
Roles 
o API Creator
  o Designs, implements, manages and versions the API
  o Understands business and technical requirements
  o Cares about usage and scaling
  o Seeks feedback, ratings, usage
o API Publisher
  o Publishes, promotes and encourages consumers to adopt APIs
  o Determines usage patterns and how to best monetize the asset
  o Monitors and secures
o API Consumer
  o Understands the interface definition
  o Subscribes and connects application to API
  o Monitors own usage and cost basis
  o Provides feedback and ratings
API Life Cycle Management 
Publisher 
https://apimgr:9443/publisher 
Publisher 
API Store (Portal) 
API Store: Customization 
API Store: Social Features 
o Share with fellow developers via social media or mail 
o Embed API link into blogs, Tweets, etc. 
Workflows 
o Available for user self-sign up, API subscription and application creation 
o Provides an extension point to engage a custom workflow. The default sample implementation leverages WSO2 Business Process Server, but other engines could be used.
API Gateway Processing Flow 
API Access Tokens 
o OAuth2 standard compliant
o Supports multiple grant types
  o SAML, IWA/NTLM
  o Client credential, Implicit, Password
o Pre-generated Access Token: can be used from an application, to identify the application itself
o On-demand Access Token: generated via API call, using Consumer Key and Consumer Secret - Identifies the end user of an application (web applications, mobile applications)
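
An added example, not from the slides, of the on-demand token call described above, built per RFC 6749: the Consumer Key and Consumer Secret go in a Basic header, and the grant type decides whether the token identifies the application (client credentials) or an end user (password). The token URL port and path, the key, secret and user are constructed placeholders; only the hostname apimgr comes from the workshop setup.

```python
import base64
import json
from urllib.parse import quote_plus, urlencode

# Assumed token endpoint: only the hostname "apimgr" comes from the workshop
# setup; the port and path are placeholders for your gateway's token URL.
TOKEN_URL = "https://apimgr:8243/token"


def basic_auth(consumer_key, consumer_secret):
    """RFC 6749 s2.3.1: form-encode key and secret, then Basic-encode them."""
    pair = f"{quote_plus(consumer_key)}:{quote_plus(consumer_secret)}"
    return "Basic " + base64.b64encode(pair.encode()).decode()


def token_request(consumer_key, consumer_secret, grant_type, **params):
    """Build (url, headers, body) for a token call; nothing is sent."""
    headers = {
        "Authorization": basic_auth(consumer_key, consumer_secret),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    body = urlencode({"grant_type": grant_type, **params})
    return TOKEN_URL, headers, body


def parse_token_response(raw):
    """Accept only a well-formed bearer token response."""
    doc = json.loads(raw)
    if "error" in doc:
        raise ValueError(f"token endpoint error: {doc['error']}")
    if doc.get("token_type", "").lower() != "bearer" or not doc.get("access_token"):
        raise ValueError("not a bearer token response")
    return doc["access_token"], int(doc.get("expires_in", 0))


def redact(headers):
    """Copy of headers safe for logs: credentials are never written out."""
    return {k: ("<redacted>" if k.lower() == "authorization" else v)
            for k, v in headers.items()}


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    key, secret = "sample-key", "s3cr:et/+"
    # Application-level token: identifies the application itself.
    print(token_request(key, secret, "client_credentials")[2])
    # End-user token: the password grant ties the token to a user.
    url, hdrs, body = token_request(key, secret, "password",
                                    username="alice", password="p@ss word")
    print(url, redact(hdrs), body)
```

The Consumer Secret is a long-lived credential: keep it out of logs and client-side code, and send the request only over TLS.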
Scalable Deployment 
Other deployment aspects 
• Support for staging and migration between environments
• Support for separate gateways for Prod and Sandbox 
• Support for splitting into DMZ / Intranet zones 
• Highly flexible architecture 
Analytics 
o API Manager supports out of the box:
  o Google Analytics
  o WSO2 Business Activity Monitor Analytics
Why Analytics are important 
• Build confidence in the API model 
• Understand your customer 
– Not just the developer but also the end-user 
• Help manage services and versions 
– Understand when deprecated services can be retired 
• Plan better 
– Monitor the growth of aggregated API traffic 
– Monitor the growth of specific apps 
Sample API Analytics 
Multi-Tenancy 
Hands on 
• Use the API Publisher 
– As a creator and a publisher 
• Sign up as a third-party developer 
• Subscribe to an API 
• Utilize production and sandbox endpoints 
• View analytics and usage stats 
• Version an API (extension) 
Hands on setup 
• VirtualBox VM 
• Ultra-simple node.js backend 
• Pre-configured API Manager and Business Activity Monitor
– Installed
– Configured to work together
– Set up to use hostname apimgr
– Added users and roles 
• A subset of the “Quick Start Guide” http://freo.me/am170-qs 
Identity Server and 
Federated Identity
Multi-Factor Authentication 
Multi-Factor Authentication 
• Something you just forgot 
• Something you just lost 
• Some part of your body you just injured 
Tokens 
Federated SAML2 
[Diagram: four IdPs and four SPs]
The Enterprise Identity Bus 
Demo 
• Quick overview of Identity Server console 
• Set up of Salesforce domain 
• Definition of the SP in IS 
• Demonstrate login 
• Show Facebook App definition 
• Show Facebook Configuration in IS 
• Change to use Facebook 
• Login with Facebook 
Salesforce setup 
Identity User Portal 
SSO and Identity Federation 
Identity Provisioning 
Identity Bus 
Tokens and Claims 
Identity Bus 
Provisioning Bus 
Fine-grained Access Control 
Carbon Combinations 
• Identity Server + Governance Registry 
• Identity Server + BAM + CEP 
• Identity Server + API Manager 
• Identity Server + App Manager 
• Identity Server + Business Process Server 
• Etc… 
App Manager
Launching Q4
[Diagram labels: IdP (WSO2 Identity Server); (WSO2 Business Activity Monitor)]
More about WSO2 
• All 100% Open Source under the Apache License 
• A complete middleware platform 
• Sessions @ JAX: 
– Keynote – Connecting the World (Tuesday 9am) 
– Understanding Real Time Event Processing through Football 
• Senaka Fernando – Tuesday 11:45am 
– Apache Stratos: the PaaS from Apache 
• Lakmal Warusawithana – Wednesday 11:30am 
Questions? 
https://www.flickr.com/photos/-bast-
